Logging in to Windows with a smartcard is usually supported only for enterprise installations based on a domain controller. If you want this feature at home, all you need is the open source software EIDAuthenticate, a SmartCard including the driver (middleware) and a certificate. I recommend the Gemalto .NET IM V2+ SmartCard and a certificate from StartSSL.
Installing the Software
Just download and install the latest version of EIDAuthenticate, then walk through the installer.
Setting up the certificate for logon
Reboot your PC. After boot up, open the Control Panel and select “Smart Card Logon”.
Select “Use Preconfigured Card”
The dialog lists all certificates on the card. You might not have a certificate on the card, the certificate chain might not be complete, or the EKU (Extended Key Usage) might not be okay. In those cases it is better to generate a new certificate which allows SmartCard Logon.
Once you have the certificate on the card, you must import the issuer CA certificate as trusted in the Windows certificate store. This will make all certificates issued by that CA trusted by Windows. To do that:
- Start Menu, click Run… and type mmc
- In MMC, File->Add/Remove Snap-in… and click the Add button
- Select Certificates from the list of snap-ins and click Add.
- Choose the Computer Account radio button. Click Next and then Finish.
- Right click on the Trusted Root Certification Authorities folder and choose All Tasks -> Import… to bring up the Certificate Import Wizard.
The Certificate Import Wizard will walk you through the process of selecting a certificate file and adding it to the store.
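The same import can be scripted together with the checks the dialog performs (EKU and chain). The PowerShell below is an added example, not part of the original post or of EIDAuthenticate; the two file paths are placeholders, and it assumes the Smart Card Logon EKU (OID 1.3.6.1.4.1.311.20.2.2) is the usage the dialog looks for. Run it from an elevated prompt on Windows 8 or later, where Import-Certificate is available.

```powershell
# Added example. Both paths are placeholders for files you exported yourself.
$CaFile    = 'C:\Temp\issuer-ca.cer'    # issuer CA certificate (public part only)
$LogonFile = 'C:\Temp\logon-cert.cer'   # certificate stored on the card (public part only)

$SmartCardLogonOid = '1.3.6.1.4.1.311.20.2.2'   # Smart Card Logon EKU
$X509 = 'System.Security.Cryptography.X509Certificates'

$ca    = New-Object "$X509.X509Certificate2" $CaFile
$logon = New-Object "$X509.X509Certificate2" $LogonFile

# 1. Show exactly what is about to become a machine-wide trust anchor, so the
#    thumbprint can be compared with the value the CA publishes.
"CA subject    : $($ca.Subject)"
"CA thumbprint : $($ca.Thumbprint)"
"CA valid until: $($ca.NotAfter)"

# 2. Check the EKU of the logon certificate before trusting anything for it.
$eku = $logon.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
if ($ekuOids -notcontains $SmartCardLogonOid) {
    Write-Warning "Logon certificate does not list the Smart Card Logon EKU ($SmartCardLogonOid)."
}

# 3. Import the CA into the computer account's Trusted Root store only after
#    an explicit confirmation (same store as the MMC steps above).
if ((Read-Host 'Import this CA into LocalMachine\Root? (y/n)') -eq 'y') {
    Import-Certificate -FilePath $CaFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
}

# 4. Build the chain for the logon certificate and report every problem
#    (for example PartialChain when an intermediate CA is missing).
$chain = New-Object "$X509.X509Chain"
if ($chain.Build($logon)) {
    'Chain OK: the logon certificate chains to a trusted root.'
} else {
    $chain.ChainStatus | ForEach-Object { "Chain problem: $($_.Status) $($_.StatusInformation)".Trim() }
}
```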
Enter the Smart Card Logon settings again and your certificate will be shown as trusted.
Press Continue
Type your password and press finish. If you like the smartcard signon, you can later select to allow logon only with smartcard.
Finally, enter your SmartCard PIN.
Done! On next login, you can sign on with the smartcard.